Header range check hash circuit
    1.
    发明授权
    Header range check hash circuit 有权
    标题范围检查散列电路

    公开(公告)号:US07346059B1

    公开(公告)日:2008-03-18

    申请号:US10657497

    申请日:2003-09-08

    CPC分类号: H04L12/4625

    摘要: A technique efficiently searches a hash table containing a plurality of “ranges.” In contrast with previous implementations, the technique performs fewer searches to locate one or more ranges stored in the hash table. To that end, the hash table is constructed so each hash-table entry is associated with a different linked list, and each linked-list entry stores, inter alia, “signature” information and at least one pair of values defining a range associated with the signature. The technique modifies the signature based on the results of one or more preliminary range checks. As a result, the signature's associated ranges are more evenly distributed among the hash table's linked lists. Thus, the linked lists are on average shorter in length, thereby enabling faster and more efficient range searches. According to an illustrative embodiment, the technique is applied to flow-based processing implemented in an intermediate network node, such as a router.

    摘要翻译: 技术有效地搜索包含多个“范围”的散列表。 与先前的实现相比,该技术执行较少的搜索来定位存储在散列表中的一个或多个范围。 为此,构建哈希表,使得每个散列表条目与不同的链表相关联,并且每个链表列表条目尤其存储“签名”信息和至少一对定义与 签名。 该技术基于一个或多个初步范围检查的结果修改签名。 因此,签名的关联范围在哈希表的链表之间更均匀地分布。 因此,链表的长度平均更短,从而实现更快更有效的范围搜索。 根据说明性实施例,该技术被应用于在诸如路由器的中间网络节点中实现的基于流的处理。

    Hardware filtering support for denial-of-service attacks
    2.
    发明授权
    Hardware filtering support for denial-of-service attacks 有权
    硬件过滤支持拒绝服务攻击

    公开(公告)号:US07411957B2

    公开(公告)日:2008-08-12

    申请号:US10811195

    申请日:2004-03-26

    IPC分类号: H04L12/28 G06F11/30

    摘要: A system and method is provided for automatically identifying and removing malicious data packets, such as denial-of-service (DoS) packets, in an intermediate network node before the packets can be forwarded to a central processing unit (CPU) in the node. The CPU's processing bandwidth is therefore not consumed identifying and removing the malicious packets from the system memory. As such, processing of the malicious packets is essentially “off-loaded” from the CPU, thereby enabling the CPU to process non-malicious packets in a more efficient manner. Unlike prior implementations, the invention identifies malicious packets having complex encapsulations that can not be identified using traditional techniques, such as ternary content addressable memories (TCAM) or lookup tables.

    摘要翻译: 提供了一种系统和方法,用于在分组可以转发到节点中的中央处理单元(CPU)之前自动识别和去除中间网络节点中的恶意数据分组,例如拒绝服务(DoS)分组。 因此,CPU的处理带宽不被识别并从系统内存中删除恶意数据包。 因此,恶意数据包的处理本质上从CPU中“卸载”,从而使CPU能够以更有效的方式处理非恶意数据包。 与先前的实现不同,本发明识别具有复杂封装的恶意数据包,这些封装不能使用诸如三进制内容可寻址存储器(TCAM)或查找表之类的传统技术来识别。

    Pre-fetching and invalidating packet information in a cache memory
    3.
    发明授权
    Pre-fetching and invalidating packet information in a cache memory 有权
    在高速缓冲存储器中预取和使分组信息无效

    公开(公告)号:US07155576B1

    公开(公告)日:2006-12-26

    申请号:US10446021

    申请日:2003-05-27

    IPC分类号: G06F12/00 G06F15/16

    CPC分类号: G06F12/0862

    摘要: A technique for managing a cache memory coupled to an intermediate node's processor. Packets acquired by the intermediate node that are destined for processing by the processor are tracked, without the processor's intervention, to determine if the processor is lagging in processing the acquired packets. If so, data associated with unprocessed packets are pre-fetched from an external memory and placed in the cache memory without the processor's intervention. Moreover, packets destined for processing by the processor and placed into the cache memory are tracked, without the processor's intervention, to determine if the processor has, in fact, completed the processing of those packets. If so, data contained in the cache memory that is associated with the processed packets are invalidated, again without the processor's intervention.

    摘要翻译: 一种用于管理耦合到中间节点处理器的高速缓冲存储器的技术。 在处理器干预的情况下,跟踪由中间节点获取的目的地由处理器处理的数据包,以确定处理器是否滞后于处理所获取的数据包。 如果是这样,与未处理的数据包相关联的数据将从外部存储器预取,并放置在高速缓冲存储器中,而无需处理器的干预。 而且,由处理器进行处理并被放置在高速缓冲存储器中的分组被跟踪,而无需处理器的介入,以确定处理器实际上是否完成了那些分组的处理。 如果是这样,与处理的数据包相关联的高速缓冲存储器中包含的数据无效,无需处理器的干预。

    Twin post, telescoping jack hydraulic elevator system
    4.
    发明授权
    Twin post, telescoping jack hydraulic elevator system 失效
    双柱,伸缩式液压升降机系统

    公开(公告)号:US5597987A

    公开(公告)日:1997-01-28

    申请号:US377078

    申请日:1995-01-25

    IPC分类号: B66B1/04 B66B9/04

    CPC分类号: B66B1/24 B66B1/405 B66B9/04

    摘要: A twin post, telescoping jack hydraulic elevator system has a pair of dynamic sensors to determine when the jacks are out of synchronization, by determining any relative differences in height between the two intermediate cylinders. The elevator also includes static sensors to determine if one or both intermediate cylinders are more than a predetermined distance away from their normal positions when the car is stopped at each floor. The controller actuates a resynchronization if the distance between the intermediate jacks exceeds a first threshold, and shuts down the elevator if the distance exceeds a second threshold or if resynchronization demands are issued too often. Preferably, the static sensors are positioned to detect the seal housing at the top of the intermediate cylinder, which projects outwardly from the cylinder.

    摘要翻译: 双柱式伸缩式液压升降机系统具有一对动态传感器,通过确定两个中间气缸之间的任何相对高度差异来确定千斤顶是否不同步。 电梯还包括静态传感器,用于在汽车停在每个楼层时确定一个或两个中间气缸是否超过其正常位置的预定距离。 如果中间插座之间的距离超过第一阈值,则控制器启动重新同步,并且如果距离超过第二阈值则关闭电梯,或者如果再次发出重新同步请求,则该控制器将重新同步。 优选地,静态传感器被定位成检测在中间圆柱体的顶部处的密封壳体,其从气缸向外突出。